Recovery story . Ethereum presale

1,000 ETH, one presale wallet, and a password that “should have worked”

The owner was sure of the password. It still wouldn’t open the wallet. The real problem wasn’t the password at all — it was how it had been stored a decade earlier.

Atualizado em julho de 2026 · KeychainX — Recuperação de carteiras desde 2017

Some of the most valuable wallets we open belong to people who bought Ether in the original 2014 presale — when ETH cost about thirty cents. This is one of those cases: roughly 1,000 ETH locked in an ethereum_backup_wallet.json file, and an owner who remembered the password but couldn’t get in. Details are anonymised, but the technical story is exactly how it went.

A situação

The owner had participated in the presale, downloaded their wallet JSON, and written the password down carefully. Years later, with ETH worth thousands of times its presale price, they tried to open it — and the standard presale tool rejected the password. They tried every capitalisation and variation they could think of. Nothing worked of course. By the time they contacted us, they were convinced the file itself was corrupted.

O que tornou isso difícil

The presale wallet format encrypts the seed with PBKDF2-HMAC-SHA256 and AES-128-CBC. It is unforgiving: either the password produces a byte-perfect decryption or it fails completely, with no “close enough”. The owner’s password contained a non-ASCII character — and that was the whole problem. A decade ago, on the machine where the wallet was created, that character was stored in one byte encoding. Re-typed today on a modern keyboard and OS, it produced different bytes. The two looked identical on screen but were not the same input. The password was right; the encoding was wrong.

Como conseguimos resolver o problema

We took the owner’s exact password and generated every plausible encoding and normalisation of it — UTF-8 versus Latin-1, composed versus decomposed Unicode forms, and the specific substitutions that particular character can take across keyboards and operating systems. Each variant was tested offline against the encrypted file using the presale hash mode on our GPU hardware. Within the candidate set built from that single “known” password, one encoding decrypted the wallet cleanly and reproduced the correct address. The password had been correct from day one.

O resultado

The wallet opened, the private key was exported, and the owner moved roughly 1,000 ETH to a modern wallet under their own control — we never took custody of the funds. The fee was a percentage of the recovered value, paid only because we succeeded. What had looked like a corrupted, worthless file was a fortune the whole time, blocked by an invisible encoding difference.

How common is this, really?

Far more common than people expect. The 2014 presale wallet is notoriously fragile, and over the years we’ve catalogued nearly twenty distinct ways a “correct” password can fail to open one — encoding mismatches, Unicode normalisation differences, whitespace and keyboard-layout quirks, and a handful of genuine software bugs from the original tooling. The encoding issue in this case is simply the most frequent of them. That’s why we treat “my password is right but it won’t open” not as a dead end but as a diagnosis: it usually means the password is fine and something around it needs reproducing. The people who give up assume a corrupted file; the ones who recover assume an encoding problem and test for it.

Could you do this yourself?

In principle, yes — the presale format is public and there are open tools that test passwords against it. In practice, the hard part isn’t running the tool, it’s generating the right candidates: knowing which encodings and normalisation forms a given character can take, on which operating systems, and expressing that as a search rather than typing variants by hand. If a straightforward attempt with your “known” password has already failed, that failure is the clue — it points at exactly the kind of transformation that’s tedious to enumerate manually but quick to search systematically.

How to give a presale case the best shot

If you want us to look at a presale wallet, three things make the difference: the ethereum_backup_wallet.json file itself; the exact password you believe is correct, typed as best you can reproduce it; and any detail about where it was created — the operating system, the keyboard language, and roughly the year. That context is what lets us reconstruct the encodings and normalisation forms in play at the time. Even “it was a German keyboard on an old Windows laptop” can be the detail that decides the case.

What this case says about presale wallets

There is an enormous amount of 2014 presale ETH that has never moved — a large share of it not because owners chose to hold, but because they can no longer get in. Cases like this one show that a meaningful portion of it isn’t truly lost; it’s blocked by exactly the kind of solvable, mechanical problem we just described. The wallets that stay locked forever tend to be the ones whose owners assumed the worst and stopped trying. The ones that come back are the ones whose owners kept the file, remembered roughly what the password was, and let someone reproduce the conditions it was created under. If you’re holding a presale wallet you’ve written off, it may be worth a second look — a decade of price appreciation makes even a modest presale stake worth the effort.

O que pode retirar daqui

If you have a presale wallet and a password you’re certain of, but it won’t open, don’t assume the file is broken — especially if the password contains an accent, umlaut or other non-ASCII character. That is the single most common reason a “correct” presale password fails, and it is exactly the kind of problem that’s solvable. See our Ethereum presale recovery page for the full picture.

Perguntas frequentes

My presale password is definitely correct but won’t open the wallet. Why?

Most often an encoding issue: a non-ASCII character in the password was stored in a different byte encoding than you type today. The password is right; the bytes differ. We reproduce those encodings and recover it.

What file do you need for a presale wallet?

The presale JSON, usually named ethereum_backup_wallet.json, plus your best memory of the password. Without the file there is nothing to decrypt.

Do you take custody of the recovered ETH?

No. When the wallet opens, you move the funds yourself to a wallet you control. We never hold your coins.

Quanto custa a recuperação da pré-venda?

Baseado no sucesso: uma percentagem do valor recuperado apenas se conseguirmos aceder à carteira, sem qualquer pagamento inicial.

Stuck on a presale wallet?

Send us the JSON and the password you’re sure of. If an encoding quirk is blocking it, that’s exactly what we solve. Honest assessment within 24 hours.

Contactar a KeychainX →